Xeni Jardin:

Computer security researchers at Independent Security Evaluators say they've found a way to take control of an iPhone by way of a WiFi connection or by tricking users into accessing malware on a website.

This is the first report of a verified data security vulnerability with Apple's iPhone, but no known exploit incidents have occurred. Apple says they're evaluating ISE's findings.

John Schwartz reports in Monday's New York Times:

[ISE's Charles A.] Miller, a former employee of the National Security Agency who has a doctorate in computer science, demonstrated the hack to a reporter by using his iPhone’s Web browser to visit a Web site of his own design.

Once he was there, the site injected a bit of code into the iPhone that then took over the phone. The phone promptly followed instructions to transmit a set of files to the attacking computer that included recent text messages — including one that had been sent to the reporter’s cellphone moments before — as well as telephone contacts and e-mail addresses.

“We can get any file we want,” he said. Potentially, he added, the attack could be used to program the phone to make calls, running up large bills or even turning it into a portable bugging device.

Link to article.

exploitingiphone.com has more info, including a preliminary version of the paper describing the attack. the ISE's Dr. Miller is scheduled to present the details of the exploit at BlackHat in Las Vegas on August 2.

The website also includes an h.264 (= iphone-compatible) video that demonstrates the exploit: Video Link. Note that scotch tape and pretzels are required to complete this sophisticated hack.

Now, given all that, I love the way the NYT story ends:

[ISE founder Aviel D.] Rubin said, “I will think twice before getting on a random public WiFi network now,” but his overall opinion of the phone has not changed. “You’d have to pry it out of my cold, dead hands to get it away from me,” he said.

thefickler writes "Microsoft has confirmed the existence and coming launch of the long rumored Zune 2.0 or 2nd generation Zune, and it appears that Microsoft will expand the Zune family with new styles, sizes, and price points. 'Future Zune products will feature podcasting support and expanded video support. The Zune will also move into other geographic markets when Microsoft feels it has an appealing product to offer those demographics. Perhaps most importantly of all, the representative mentioned that Microsoft will build on the wireless support. Maybe we'll finally have the freedom of synching our digital audio players via wi-fi. The rep didn't mention anything specific about Microsoft's rumored answer to the iPod Shuffle. But interesting rumors from sources considered "reliable" point to a very innovative product.'"

Read more of this story at Slashdot.

An anonymous reader writes "According to a recent CNET article, digital camera costs could increase in Europe as result of trade inequalities. 'At the moment, all digital cameras are manufactured outside Europe. They're all imported. All of them. Currently, there's a European Commission-imposed 4.9 per cent import tariff on camcorders, but not on cameras, whatever their video-recording abilities. The EC's Nomenclature Committee has cottoned on to this and wants to slap a tax on cameras that can record at least 30 minutes of video in one go, with a resolution of 800x600 pixels or higher at 23 frames per second or higher. The Nomenclature Committee has recommended the proposal but has not, as yet, garnered the required majority vote.'" Update: 07/23 02:18 GMT by Z : Took out a bit of hyperbole.

Read more of this story at Slashdot.

Pcol writes "In the July 20 issue of the Washington Post, columnist Al Kamen reports that the BBC has translated an story headlined 'spying squirrels,' published in the Iranian newspaper Resalat on the use of trained animals to conduct espionage against their country: 'A few weeks ago, 14 squirrels equipped with espionage systems of foreign intelligence services were captured by [Iranian] intelligence forces along the country's borders. These trained squirrels, each of which weighed just over 700 grams, were released on the borders of the country for intelligence and espionage purposes.' According the story the squirrels had 'GPS devices, bugging instruments and advanced cameras' in their bodies. 'Given the fast speed and the special physical features of these animals, they provide special capabilities for spying operations. Once the animals return to their place of origin, the intelligence gathered by them is then offloaded. . . .' Iranian police officials captured the squirrels before they could carry out their assignments."

Read more of this story at Slashdot.

At midnight on Friday Harry Potter and the Deathly Hallows was released, ending the ten year run of J.K. Rowling's extremely popular book series. I imagine that there are a few folks here who have already read the book and want to talk about it. Likewise, the movie version of Order of the Phoenix was recently released (a film I was kind of underwhelmed by). So ... what did you think of them? Be forewarned: I imagine the comments will be filled with spoilers.

Read more of this story at Slashdot.

At midnight on Friday Harry Potter and the Deathly Hollows was released, ending the ten year run of J.K. Rowling's extremely popular book series. I imagine that there are a few folks here who have already read the book and want to talk about it. Likewise, the movie version of Order of the Phoenix was recently released (a film I was kind of underwhelmed by). So ... what did you think them? Be forewarned: I imagine the comments will be filled with spoilers.

Read more of this story at Slashdot.

crazyeyes writes "AMD has been very tardy with Barcelona. Countless AMD fans have eagerly awaited a new processor. As the day draws closer, TechARP takes a look at the upcoming quad-core AMD Opteron. Is there more to it than just its four processing cores? Will it be the Intel-killer that AMD promised long ago? From the article: 'AMD is in the same boat as ATI. Delays after delays of their long-awaited Barcelona core not only ensured the dominance of their rival, Intel, in the desktop processor market, it also ensured that Intel would be the only choice for those who want a quad-core processor. Although that wait will end in August, 2007 when the Barcelona is finally launched, it remains to be seen if AMD's new processor will be able to inflict serious damage to Intel's dominance.'"

Read more of this story at Slashdot.

An anonymous reader writes "'E-mail is, like, soooo dead' is the headline at News.com, where a piece looks at youth attitudes towards communication mediums. A group of teenage internet business entrepreneurs confessed that they really only use email to 'talk to adults'. Primarily, these folks are using social networks to communicate. 'More and more, social networks are playing a bigger role on the cell phone. In the last six to nine months, teens in the United States have taken to text messaging in numbers that rival usage in Europe and Asia. According to market research firm JupiterResearch, 80 percent of teens with cell phones regularly use text messaging. Catherine Cook, the 17-year-old founder and president of MyYearbook.com, was the lone teen entrepreneur who said she still uses e-mail regularly to keep up with camp friends or business relationships. Still, that usage pales in comparison to her habit of text messaging. She said she sends a thousand text messages a month.'"

Read more of this story at Slashdot.

Paris The Pirate writes "This article at Whitedust displays some very interesting logs from Vista showing connections to the DoD Information Networking Center, United Nations Development program and the Halliburton Company; for no reason other than the machine was running Vista. From the article 'After running Vista for only a few days — with a complete love for the new platform the first sign of trouble erupted. I began noticing latency on my home network connection — so I booted my port sniffing software and networking tools to see what was happening. What I found was foundation shaking. The two images below show graphical depictions of what has and IS trying to connect to my computer even in an idle state'."

Read more of this story at Slashdot.

jcatcw writes "On Thursday released a new set of global statistics pointing out the biggest spam relaying countries in the world. Toping the list between April and June of this year was the US and China. 'Sophos senior security consultant Carole Theriault said that while the U.S. remains the top spam dog, there results show an urgent need for countries to join together and take global action. "Once a machine is compromised, it is often used to send out spam for a variety of campaigns," she said. "In a matter of seconds, we can see compromised systems send messages on a dozen different topics from stock scams to diet drugs." Paul Ducklin, Sophos Asia Pacific head of technology, said that spammers are ready to "borrow" any computer illegally to send e-mail regardless of the location.'"

Read more of this story at Slashdot.

AGFlamey writes "On Angry Gamer is an interesting and lengthy article about the new direction Nintendo are taking with the Wii and in particular "non-games" like Wii Fit and Big Brain Academy. From the article: "Hardcore folks don't like to admit it, but Mario and Zelda are relics of the past. It's become quite clear that Nintendo is losing interest in remaking the same old games over and over. They want to pull us into something new, if only we can give them the chance." Is it such a bad thing that Nintendo are neglecting their roots?"

Read more of this story at Slashdot.

Late-Eight writes "Scientists at the Georgia Institute of Technology are working on a new type of nanogenerator that could draw necessary energy from flowing blood in the human body. The hope is to incorporate the new nanogenerator into biosensors, environmental monitoring devices and even personal electronics that will require no fuel source, internal or external. Once completed, this new cellular engine could find various applications, even beyond medicine."

Read more of this story at Slashdot.

IL-CSIXTY4 writes "'Pyro is a new kind of desktop environment for Linux built on Mozilla Firefox. Its goal is to enable true integration between the Web and modern desktop computing.' This looks like an interesting marriage of the web and the desktop. In Pyro, Web apps run in windows on the desktop, right alongside desktop apps (through compositing). Features expected in a desktop environment, like task/window selection and an Expose-like function, are written in Javascript." "

Read more of this story at Slashdot.

Eatfrank writes "A recent CNet article suggests that Mozilla should pipe a lite version of Firefox into older PCs to further attack IE's dominance: 'Firefox supporters, take note. A bare-bones Firefox will get the browser into more houses, increasing the Fox's market share and keeps it in novice users' eyes for when they get a new PC ... a truly great super-lightweight browser would have the security of Firefox, without the add-ons, without the tabs, yes, even without favourites, history lists and customisability. The Firefox name is synonymous with security and Web-browsing vigilance. Why not give this to the processing lightweights of the PC world?'"

Read more of this story at Slashdot.

stemcellar writes with a link to the ScienceDaily site, reporting on a method for adult stem cells to grow cornea stem cells. This use of differentiated stem cells in therapies on specific parts of the body is fairly novel, the article states, and could have numerous applications in medicine. "The research undertaken by the ophthalmologist has shown that, from a small biopsy sample, the new growth technique enables the growth of the number of stem cells thus obtained to the point of obtaining sufficient for the treatment to be effective. The cell sample is taken from the limb of the healthy eye - the ocular structure responsible for the transparency of the cornea. The importance of this growth method lies in the fact that it enables the characterization of the cells obtained, i.e. determining the quantity and viability of the units to be used."

Read more of this story at Slashdot.

liquidat writes "Linus Torvalds has included patches into the mainline tree which implement a stable userspace driver API into the Linux kernel. The stable driver API was already announced a year ago by Greg Kroah-Hartman. The last patch to Linus' tree included the new API elements. The idea is to make life easier for driver developers: 'This interface allows the ability to write the majority of a driver in userspace with only a very small shell of a driver in the kernel itself. It uses a char device and sysfs to interact with a userspace process to process interrupts and control memory accesses.'"

Read more of this story at Slashdot.